yetangitu/pixelfed
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Update DangerZone middleware to use session instead of cookie

Browse source
This commit is contained in:
Daniel Supernault 2018-09-09 21:44:51 -06:00
parent 336deae05b
commit d90cfffa3f
No known key found for this signature in database
GPG key ID: 0DEF1C662C9033F7
2 changed files with 9 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

5
app/Http/Controllers/AccountController.php
View file

@ -291,9 +291,10 @@ class AccountController extends Controller
]);
$user = Auth::user();
$password = $request->input('password');
$next = $request->cookie('redirectNext') ?:'/';
$next = $request->session()->get('redirectNext', '/');
if(password_verify($password, $user->password) === true) {
return redirect($next)->withCookie('sudoMode', time());
$request->session()->put('sudoMode', time());
return redirect($next);
}
return redirect($next);
}